
exploitDog


CVE-2022-29041

Published: 12 Apr 2022
Source: redhat
CVSS3: 6.4
EPSS: Medium

Description

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2022:1600 | 02.05.2022 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2022:2205 | 18.05.2022 |


Additional information

Status: Important
Weakness: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2074850 (Jira: Stored XSS vulnerabilities in Jenkins Jira plugin)

EPSS

Percentile: 95%
0.18202
Medium

6.4 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.4
nvd
about 3 years ago

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVSS3: 5.4
github
about 3 years ago

Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
